Date:      Sat, 8 Sep 2007 11:09:44 GMT
From:      Matus Harvan <mharvan@FreeBSD.org>
To:        Perforce Change Reviews <perforce@FreeBSD.org>
Subject:   PERFORCE change 126178 for review
Message-ID:  <200709081109.l88B9iW1014457@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=126178

Change 126178 by mharvan@mharvan_peleus on 2007/09/08 11:09:17

	TCP LISTENALL patch cleanup
	 * debugging printfs with #define DIAGNOSTIC
	 * CTLFLAG_SECURE for the rate limit
	 * priv_check() for PRIV_NETINET_TCP_LISTENALL
	 * s/catchall/listenall/g to better describe the functionality

Affected files ...

.. //depot/projects/soc2007/mharvan-mtund/sys.patches/sys.current.tcp_catchall.patch#2 edit
.. //depot/projects/soc2007/mharvan-mtund/sys.patches/test_catchall/tcatchalld.c#2 edit
.. //depot/projects/soc2007/mharvan-mtund/sys.patches/usr_include.patch#2 edit

Differences ...

==== //depot/projects/soc2007/mharvan-mtund/sys.patches/sys.current.tcp_catchall.patch#2 (text+ko) ====

@@ -1,38 +1,38 @@
-Index: tcp.h
+Index: netinet/tcp.h
 ===================================================================
 RCS file: /home/ncvs/src/sys/netinet/tcp.h,v
 retrieving revision 1.40
-diff -u -r1.40 tcp.h
---- tcp.h	25 May 2007 21:28:49 -0000	1.40
-+++ tcp.h	24 Aug 2007 17:21:49 -0000
+diff -d -u -r1.40 tcp.h
+--- netinet/tcp.h	25 May 2007 21:28:49 -0000	1.40
++++ netinet/tcp.h	8 Sep 2007 10:35:57 -0000
 @@ -147,6 +147,7 @@
  #define TCP_NOOPT	0x08	/* don't use TCP options */
  #define TCP_MD5SIG	0x10	/* use MD5 digests (RFC2385) */
  #define	TCP_INFO	0x20	/* retrieve tcp_info structure */
-+#define	TCP_CATCHALL	0x40	/* bind to all unused TCP ports */
++#define	TCP_LISTENALL	0x40	/* listen on all unused TCP ports */
  
  #define	TCPI_OPT_TIMESTAMPS	0x01
  #define	TCPI_OPT_SACK		0x02
-Index: tcp_input.c
+Index: netinet/tcp_input.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/netinet/tcp_input.c,v
 retrieving revision 1.367
-diff -u -r1.367 tcp_input.c
---- tcp_input.c	30 Jul 2007 11:06:41 -0000	1.367
-+++ tcp_input.c	24 Aug 2007 17:21:51 -0000
+diff -d -u -r1.367 tcp_input.c
+--- netinet/tcp_input.c	30 Jul 2007 11:06:41 -0000	1.367
++++ netinet/tcp_input.c	8 Sep 2007 10:35:57 -0000
 @@ -144,9 +144,15 @@
  SYSCTL_INT(_net_inet_tcp, OID_AUTO, recvbuf_max, CTLFLAG_RW,
      &tcp_autorcvbuf_max, 0, "Max size of automatic receive buffer");
  
-+static int      catchalllim = 5;
-+SYSCTL_INT(_net_inet_tcp, OID_AUTO, catchalllim, CTLFLAG_RW,
-+	   &catchalllim, 0,
-+	   "Rate limit on sockets created by the TCP_CATCHALL socket");
++static int      listenalllim = 5;
++SYSCTL_INT(_net_inet_tcp, OID_AUTO, listenalllim, CTLFLAG_RW | CTLFLAG_SECURE,
++	   &listenalllim, 0,
++	   "Rate limit on sockets created by the TCP_LISTENALL socket");
 +
  struct inpcbhead tcb;
  #define	tcb6	tcb  /* for KAME src sync over BSD*'s */
  struct inpcbinfo tcbinfo;
-+struct inpcb *inp_tcatchall;	/* binding to all unused TCP ports */
++struct inpcb *inp_tlistenall;	/* listening on all unused TCP ports */
  
  static void	 tcp_dooptions(struct tcpopt *, u_char *, int, int);
  static void	 tcp_do_segment(struct mbuf *, struct tcphdr *,
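Review bot: The sysctl description for `listenalllim` gives neither the unit nor the zero case. The value is passed to `ppsratecheck()` as the per-second limit, and the input path later in this patch only hands a SYN to the listenall socket when `listenalllim > 0`, so 0 or a negative value appears to switch SYN delivery off entirely. Something like `"Max SYNs per second passed to the TCP_LISTENALL socket (<= 0: none)"` would tell an administrator that. Separately, usr_include.patch still carries the old comment `/* bind to all unused TCP ports */` on `TCP_LISTENALL`, while this hunk changes netinet/tcp.h to `/* listen on all unused TCP ports */`; the two copies should agree.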
@@ -43,122 +43,129 @@
 +	static struct rate {
 +		struct timeval	lasttime;
 +		int		curpps;
-+	} catchallr;
++	} listenallr;
 +
  
  #ifdef INET6
  	isipv6 = (mtod(m, struct ip *)->ip_v == 6) ? 1 : 0;
-@@ -460,6 +471,32 @@
+@@ -460,6 +471,36 @@
  		goto dropunlock;
  	}
  #endif /* IPSEC */
 +
-+	/* catchall socket */
-+	if ((inp == NULL) && (inp_tcatchall != NULL)) {
-+		printf("catchall socket used (0x%x)\n",
-+		    (unsigned int)inp_tcatchall);
-+		char dbuf[4*sizeof "123"], sbuf[4*sizeof "123"];
++	/* listenall socket */
++	if ((inp == NULL) && (inp_tlistenall != NULL)) {
++#ifdef DIAGNOSTIC
++		printf("listenall socket used (0x%x)\n",
++		    (unsigned int)inp_tlistenall);
++		char dbuf[INET_ADDRSTRLEN], sbuf[INET_ADDRSTRLEN];
 +		strcpy(dbuf, inet_ntoa(ip->ip_dst));
 +		strcpy(sbuf, inet_ntoa(ip->ip_src));
 +		printf("\tip_src: %s, sport: %hu\n\tip_dst: %s, dport: %hu\n",
 +		    sbuf, ntohs(th->th_sport), dbuf, ntohs(th->th_dport));
-+
++#endif
 +		/* do rate limiting for SYN packets */
 +		if (thflags & TH_SYN) {
-+			if (catchalllim > 0) 
-+				if (ppsratecheck(&catchallr.lasttime,
-+				    &catchallr.curpps, catchalllim))
-+					inp = inp_tcatchall;
++			if (listenalllim > 0) 
++				if (ppsratecheck(&listenallr.lasttime,
++				    &listenallr.curpps, listenalllim))
++					inp = inp_tlistenall;
++#ifdef DIAGNOSTIC
 +				else
 +				    printf("ppsratecheck limited "
-+					"tcp_catchall\n");
++					"tcp_listenall\n");
++#endif
++#ifdef DIAGNOSTIC
 +			else
-+				printf("ppsratecheck limited tcp_catchall\n");
-+
++				printf("ppsratecheck limited tcp_listenall\n");
++#endif
 +		} else
-+			inp = inp_tcatchall;
++			inp = inp_tlistenall;
 +	}
  
  	/*
  	 * If the INPCB does not exist then all data in the incoming
-Index: tcp_subr.c
+Index: netinet/tcp_subr.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/netinet/tcp_subr.c,v
 retrieving revision 1.296
-diff -u -r1.296 tcp_subr.c
---- tcp_subr.c	16 Aug 2007 01:35:55 -0000	1.296
-+++ tcp_subr.c	24 Aug 2007 17:21:54 -0000
+diff -d -u -r1.296 tcp_subr.c
+--- netinet/tcp_subr.c	16 Aug 2007 01:35:55 -0000	1.296
++++ netinet/tcp_subr.c	8 Sep 2007 10:35:57 -0000
 @@ -264,6 +264,7 @@
  	tcp_rexmit_slop = TCPTV_CPU_VAR;
  	tcp_inflight_rttthresh = TCPTV_INFLIGHT_RTTTHRESH;
  	tcp_finwait2_timeout = TCPTV_FINWAIT2_TIMEOUT;
-+	inp_tcatchall = NULL;
++	inp_tlistenall = NULL;
  
  	INP_INFO_LOCK_INIT(&tcbinfo, "tcp");
  	LIST_INIT(&tcb);
-Index: tcp_usrreq.c
+Index: netinet/tcp_usrreq.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/netinet/tcp_usrreq.c,v
 retrieving revision 1.160
-diff -u -r1.160 tcp_usrreq.c
---- tcp_usrreq.c	30 Jul 2007 11:06:41 -0000	1.160
-+++ tcp_usrreq.c	24 Aug 2007 17:21:55 -0000
-@@ -162,6 +162,11 @@
+diff -d -u -r1.160 tcp_usrreq.c
+--- netinet/tcp_usrreq.c	30 Jul 2007 11:06:41 -0000	1.160
++++ netinet/tcp_usrreq.c	8 Sep 2007 10:35:57 -0000
+@@ -48,6 +48,7 @@
+ #endif /* INET6 */
+ #include <sys/socket.h>
+ #include <sys/socketvar.h>
++#include <sys/priv.h>
+ #include <sys/protosw.h>
+ #include <sys/proc.h>
+ #include <sys/jail.h>
+@@ -162,6 +163,13 @@
  	KASSERT(so->so_pcb == inp, ("tcp_detach: so_pcb != inp"));
  	KASSERT(inp->inp_socket == so, ("tcp_detach: inp_socket != so"));
  
-+	if (inp == inp_tcatchall) {
-+		printf("deactivating TCP_CATCHALL - socket closed\n");
-+		inp_tcatchall = NULL;
++	if (inp == inp_tlistenall) {
++#ifdef DIAGNOSTIC
++		printf("deactivating TCP_LISTENALL - socket closed\n");
++#endif
++		inp_tlistenall = NULL;
 +	}
 +
  	tp = intotcpcb(inp);
  
  	if (inp->inp_vflag & INP_TIMEWAIT) {
-@@ -1338,6 +1343,36 @@
+@@ -1338,6 +1346,29 @@
  			error = EINVAL;
  			break;
  
-+		case TCP_CATCHALL:
-+			printf("TCP_CATCHALL option code\n");
++		case TCP_LISTENALL:
 +			error = sooptcopyin(sopt, &optval, sizeof optval,
 +					    sizeof optval);
 +			if (error)
 +				break;
 +
-+			printf("TCP_CATCHALL optval: %d\n", optval);
-+			if (optval > 0) { /* enable CATCHALL */
-+				printf("request to enable TCP_CATCHALL\n");
-+				if (inp_tcatchall == NULL) {
-+					printf("enabled TCP_CATCHALL\n");
-+					inp_tcatchall = inp;
-+				} else {
-+					printf("TCP_CATCHALL already enabled, "
-+					    "ignoring setsockopt()\n");
++			priv_check(curthread,
++			    PRIV_NETINET_TCP_LISTENALL);
++			if (error != 0)
++				break;
++
++			if (optval > 0)	/* enable LISTENALL */
++				if (inp_tlistenall == NULL)
++					inp_tlistenall = inp;
++				else
 +					error = EBUSY;
-+				}
-+			} else {/* disable CATCHALL */
-+				printf("request to disable TCP_CATCHALL\n");
-+				if (inp_tcatchall == inp) {
-+					printf("disabled TCP_CATCHALL\n");
-+					inp_tcatchall = NULL;
-+				} else {
-+					printf("TCP_CATCHALL already disabled"
-+					       ", ignoring setsockopt()\n");
-+				}
-+			}
++
++			else		/* disable LISTENALL */
++				if (inp_tlistenall == inp)
++					inp_tlistenall = NULL;
++
 +			break;
 +
  		default:
  			error = ENOPROTOOPT;
  			break;
-@@ -1371,6 +1406,13 @@
+@@ -1371,6 +1402,13 @@
  		case TCP_INFO:
  			tcp_fill_info(tp, &ti);
  			error = sooptcopyout(sopt, &ti, sizeof ti);
 +			break;
-+		case TCP_CATCHALL:
-+			if (inp == inp_tcatchall)		    
++		case TCP_LISTENALL:
++			if (inp == inp_tlistenall)		    
 +				optval = 1;
 +			else
 +				optval = 0;
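Review bot: The result of `priv_check()` in the new setsockopt `case TCP_LISTENALL:` is discarded, so the `if (error != 0)` after it still tests the value left by `sooptcopyin()`, already known to be 0, and the privilege is never enforced for claiming the system-wide `inp_tlistenall`. Assign the result: `error = priv_check(curthread, PRIV_NETINET_TCP_LISTENALL);`. The enable/disable branches that follow rely on unbraced nested `if`/`else` binding, which is easy to break on the next edit; braces around the `optval > 0` arm would make the pairing explicit. In the DIAGNOSTIC block of tcp_input.c, `(unsigned int)inp_tlistenall` printed with `0x%x` truncates the pointer on 64-bit platforms; `%p` avoids the cast. The enclosing functions start and end outside this hunk.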
@@ -166,18 +173,33 @@
  			break;
  		default:
  			error = ENOPROTOOPT;
-Index: tcp_var.h
+Index: netinet/tcp_var.h
 ===================================================================
 RCS file: /home/ncvs/src/sys/netinet/tcp_var.h,v
 retrieving revision 1.155
-diff -u -r1.155 tcp_var.h
---- tcp_var.h	28 Jul 2007 12:20:39 -0000	1.155
-+++ tcp_var.h	24 Aug 2007 17:21:56 -0000
+diff -d -u -r1.155 tcp_var.h
+--- netinet/tcp_var.h	28 Jul 2007 12:20:39 -0000	1.155
++++ netinet/tcp_var.h	8 Sep 2007 10:35:57 -0000
 @@ -493,6 +493,7 @@
  
  extern	struct inpcbhead tcb;		/* head of queue of active tcpcb's */
  extern	struct inpcbinfo tcbinfo;
-+extern  struct inpcb *inp_tcatchall;	/* binding to all unused TCP ports */
++extern  struct inpcb *inp_tlistenall;	/* listening on all unused TCP ports */
  extern	struct tcpstat tcpstat;	/* tcp statistics */
  extern	int tcp_log_in_vain;
  extern	int tcp_mssdflt;	/* XXX */
+Index: sys/priv.h
+===================================================================
+RCS file: /home/ncvs/src/sys/sys/priv.h,v
+retrieving revision 1.15
+diff -d -u -r1.15 priv.h
+--- sys/priv.h	18 Jun 2007 07:54:27 -0000	1.15
++++ sys/priv.h	8 Sep 2007 10:35:58 -0000
+@@ -374,6 +374,7 @@
+ #define	PRIV_NETINET_ALIFETIME6	502	/* Administer IPv6 address lifetimes. */
+ #define	PRIV_NETINET_IPSEC	503	/* Administer IPSEC. */
+ #define	PRIV_NETINET_REUSEPORT	504	/* Allow [rapid] port/address reuse. */
++#define	PRIV_NETINET_TCP_LISTENALL	505	/* Allow setting TCP_LISTENALL */
+ 
+ /*
+  * IPX/SPX privileges.
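Review bot: The comment on the new `PRIV_NETINET_TCP_LISTENALL` does not say who is expected to hold the privilege. Because `inp_tlistenall` is a single system-wide pointer, the comment should state the scope, e.g. `/* Allow setting TCP_LISTENALL (one socket system-wide). */`, and whether the option is meant for the host only or also for jailed root. Nothing in this patch touches jail policy, so presumably a jailed process is refused; that is worth confirming and documenting.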

==== //depot/projects/soc2007/mharvan-mtund/sys.patches/test_catchall/tcatchalld.c#2 (text+ko) ====

@@ -180,7 +180,7 @@
 {
     int fd;
     int new_fd;
-    char *msg = "Welcome to catchalld\r\n";
+    char *msg = "Welcome to listenalld\r\n";
     char buf[1234];
     int n, nwrite, nread;
     int soval = 1;
@@ -188,8 +188,8 @@
     
     fd = tcp_listen("1234");
 
-    if (0 != setsockopt(fd, IPPROTO_TCP, TCP_CATCHALL, &soval, sizeof(soval)))
-	err(EX_UNAVAILABLE, "setsockopt(TCP_CATCHALL) failed");
+    if (0 != setsockopt(fd, IPPROTO_TCP, TCP_LISTENALL, &soval, sizeof(soval)))
+	err(EX_UNAVAILABLE, "setsockopt(TCP_LISTENALL) failed");
     
     while (count > 0) {
 	new_fd = tcp_accept(fd);

==== //depot/projects/soc2007/mharvan-mtund/sys.patches/usr_include.patch#2 (text+ko) ====

@@ -4,7 +4,7 @@
  #define TCP_NOOPT	0x08	/* don't use TCP options */
  #define TCP_MD5SIG	0x10	/* use MD5 digests (RFC2385) */
  #define	TCP_INFO	0x20	/* retrieve tcp_info structure */
-+#define TCP_CATCHALL    0x40    /* bind to all unused TCP ports */
++#define TCP_LISTENALL    0x40    /* bind to all unused TCP ports */
  
  #define	TCPI_OPT_TIMESTAMPS	0x01
  #define	TCPI_OPT_SACK		0x02


